libcurl introduced a segfault where a RHEL 6.1 machine registered at RHN would result in a segmentation fault (core dumped) after running "yum clean all" and "yum update" respectively. "CERT_GetDefaultCertDB" is now used to prevent a segmentation fault after the "yum clean all" and "yum update" sequence. (BZ#690273)

libcurl HTTPS connections failed with a CURLE_OUT_OF_MEMORY error when given a certificate file name without a "/". This is now fixed to treat such a string as certificate nickname and if a file with the same name exists and libcurl runs in verbose mode, a warning is issued. The updated documentation now suggests to use the "./" prefix to load a file from the current directory. (BZ#623663)

A rebuild operation for curl failed if the libnih-devel package was installed. This is now fixed to allow a rebuild whether libnih-devel is installed, not installed or has a broken installation. (BZ#669048)

libcurl ignored the CA path provided in CURLOPT_CAPATH and consequently curl ignored the "--capath" argument provided. This is fixed so that libcurl now uses the value provided with the the "--capath" argument. (BZ#669702)

libcurl leaked memory and eventually resulted in a failed NSS shutdown when more than one CA certificate was loaded. This is now fixed so that libcurl works as expected when more than one CA certificates is loaded. (BZ#670802)

libcurl leaked memory when an SSL connection failed. This is now fixed to prevent the memory leak during an SSL connection failure. (BZ#678594)

libcurl's FTP protocol implementation was unable to handle server session timeouts correctly. This is now fixed so that libcurl drops the connection when a 421 timeout response is received. (BZ#651592)

libcurl failed when an LDAP request was sent using curl through a HTTP proxy in tunnel mode (curl option "-p" or "--proxytunnel"). Curl tried to connect directly to the LDAP server via the proxy port and consequently failed. This is now fixed to allow libcurl LDAP connections through HTTP proxies to work as expected. (BZ#655134)

libcurl was unable to authenticate http proxies via Kerberos. This is now fixed and libcurl can successfully authenticate http proxies via Kerberos. (BZ#625685)

When libcurl connected a second time to an SSL server with the same server certificate, the server's certificate was not re-authenticated because libcurl confirmed authenticity before the first connection to the server. This is fixed by disabling the SSL cache when it is not verifying a certificate to force the verification of the certificate on the second use. (BZ#678580)

Kerberos authentication was broken for reused curl handles, which prevented "git clone"' from working with Kerberos authenticated web servers. This is now fixed to allow "git clone" operations to successfully authenticate and carry out operations. (BZ#684892)

It was not possible to use two distinct client certificates to connect two times in a row to the same SSL server. This is now fixed to allow two different client certifications to connect to the same SSL server. (BZ#694294)